DigitalOcean Firewall Updater

Visit site

Keep your whitelisted ip address up to date in the digitalocean firewall

MIT License


Travis Build

This simple golang program will keep your ip address up to date in the digitalocean firewall, so that you don’t have to do it manually.

It’s written in golang so that you don’t need any dependency, simply download the correct executable for your system from the github releases page to run it on:

  • Windows 32 and 64 bit
  • macOS 32 and 64 bit
  • Linux 32 and 64 bit
  • Linux Arm v7 and v8 (the raspberry pi for example)

Build From Source

Alternatively, if you have a Go environment configured, you can install the development version from the command line like so:

$ go get

How it works

Every time you run it will remove the ip addresses in the old_ips.json file from your existing rules and replace them with your current ipv4/6 addresses.

Because of this your current ip address must be already present in the rules which you want to keep up to date with your latest ip address before running this program for the first time.

Your new ip address is then saved in the old_ips.json file after successfully updating the firewall rules.

It supports both dual stack internet connections and ipv4 or ipv6 only connections.

Running it

To run it do

/path/to/executable --token DIGITALOCEAN_API_TOKEN --firewall-id THE_FIREWALL_ID

To generate a new api token go to the Applications & API section in the digitalocean control panel and create a new personal access token.

The token must have read and write privileges.

You also have to specify the --firewall-id or the --firewall-name argument.

If you prefer using the firewall id but you don’t know it simply look at the url in your browser while browsing the page to edit an existing firewall.

Example control panel firewall id

You can also change the url of the api used to get your public ip address by specifying the --ip-api argument, by default it uses

If you also want to keep your ipv6 address up to date make sure that the api you are using also supports connections from ipv6 addresses.

The api http response body must contain only the ip address, json is not supported.

Running it regularly

Create a cron job with:

crontab -e
*/15 * * * * /path/to/executable --token DIGITALOCEAN_API_TOKEN --firewall-id THE_FIREWALL_ID

The example will run every 15 minutes.

If you want to update the same firewall from multiple computers with different connections make sure that the cron job doesn’t run at the same time as the other computers to prevent race conditions.

Was this helpful?
Leave a comment

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Publish your Tool on Community

Have you created an Integration, API Wrapper, Service, or other Tool that helps developers build on DigitalOcean? Help users find it by listing it in Community Tools.

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel